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DETAILED ACTION 

1 . Currently pending claims are 1 - 34. 

Response to Arguments 

2. Applicant's arguments with respect to the subject matter of the instant claims 
have been fully considered but are not persuasive. 

3. As per claim 1, Applicant argues: "Sprunk does not teach receiving a first input 
key because the Initial Vector (IV) can't be considered as an input key". Examiner 
respectfully disagrees because any key material information used in the system 
designed for security purpose assurance is qualified as a piece of key information and 
as such an input Initial Vector (IV) as to the cryptographic system is qualified as an input 
key information . Therefore, Applicant's arguments are respectfully traversed. 

Furthermore, Applicant argues: "Sprunk does not teach said output key is 
unique". Examiner respectfully disagrees. Examiner notes the broadest and 
reasonable claim interpretations are made, according to MPEP 2111, such that the 
scope of uniqueness of said output key is interpreted as the following two rationale: (a) 
generating an output key that is used, in turn, by DES generator 425 to generate 
another key (Para [0036] Line 12) - i.e. the stage of dual DES generator generates a 
different / another key from the input key-1 and input key-2; Examiner notes another 
key, as per its context value or the stored location of the key, can be broadly interpreted 
as a different key to meet the claim language and (b) Sprunk teaches the desirable 
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output key should not be repeated (Para [0017] Line 4 - 5). Therefore, Applicant's 
arguments are respectfully traversed. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraph of 35 U.S.C. 102 that 
forms the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another 
filed in the United States before the invention by the applicant for patent or (2) a patent granted on an 
application for patent by another filed in the United States before the invention by the applicant for patent, 
except that an international application filed under the treaty defined in section 351 (a) shall have the effects 
for purposes of this subsection of an application filed in the United States only if the international application 
designated the United States and was published under Article 21 (2) of such treaty in the English language. 

4. Claims 1, 2, 6, 10 - 12, 16, 20 - 22, 26, and 30 - 31 are rejected under 35 
U.S.C. 102(e) as being anticipated by Sprunket al. (U.S. Patent 2003/0007644). 

As per claim 1 , Sprunk teaches a method for producing a secure key, the method 
comprising: 

receiving at least a first input key, a second input key and a third input key 
(Sprunk: Figure 4 and Para [0036]: Key-1 , Key-2 are qualified as a first input key, a 
second input key, respectitively and the IV (Initial Value) is considered as one of key 
variation values and is qualified as a third input key); and 

generating a first output key based on said at least said first input key, said 
second input key and said third input key (Sprunk: Figure 4 and Para [0036]), wherein 
said first output key is unique and differs from said at least said first input key (Sprunk: 
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Figure 4, Para [0017] Line 4 - 5 and Para [0036] Line 12: (a) the IV, Key 1 and Key 2 
are known and DES generator 420 to generate a key that is used, in turn, by DES 
generator 425 to generate another key (Para [0036] Line 12) - i.e. the stage of dual 
DES generator generates a different / another key from the input key-1 and input key-2; 
Examiner notes another key, as per its context value or the stored location of the key, 
can be broadly interpreted as a different key to meet the claim language and (b) Sprunk 
teaches the desirable output key should not be repeated (Para [0017] Line 4 - 5). 

As per claim 1 1 and 21 , Sprunk teaches a machine-readable storage having 
stored thereon, a computer program having at least one code section for producing a 
secure key, the at least one code section being executable by a machine for causing 
the machine to perform steps (Sprunk: Figure 1 & 4 and Para [0028]) comprising: 

receiving at least a first input key, a second input key and a third input key 
(Sprunk: Figure 4 and Para [0036]: Key-1, Key-2 are qualified as a first input key, a 
second input key, respectitively and the IV (Initial Value) is considered as one of key 
variation values and is qualified as a third input key); and 

generating a first output key based on said at least said first input key, said 
second input key and said third input key (Sprunk: Figure 4 and Para [0036]), wherein 
said first output key is unique and differs from said at least said first input key (Sprunk: 
Figure 4, Para [0017] Line 4 - 5 and Para [0036] Line 12: (a) the IV, Key 1 and Key 2 
are known and DES generator 420 to generate a key that is used, in turn, by DES 
generator 425 to generate another key (Para [0036] Line 12) - i.e. the stage of dual 
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DES generator generates a different / another key from the input key-1 and input key-2; 
Examiner notes another key, as per its context value or the stored location of the key, 
can be broadly interpreted as a different key to meet the claim language and (b) Sprunk 
teaches the desirable output key should not be repeated (Para [0017] Line 4 - 5). 

As per claim 31 , Sprunk teaches a system for producing a secure key, the 
system comprising: 

a mapper (Sprunk: Figure 4 / Element 420 / 425 and Para [0036]: the first stage 
of dual DES Key Generator is considered as a key mapper); 

a scrambler coupled to said mapper (Sprunk: Figure 4 / Element 450 / 455 / 456 
and Para [0039]: the second stage of dual DES key scrambler (i.e. the key hashing 
function) can be considered as the scrambling function); 

a masker coupled to said mapper (Sprunk: Figure 4 / Element 435 / 437 and 
Para [0036]: the AND gate is considered as a masking function); 

a key generator coupled to said scrambler mapper (Sprunk: Figure 4 / Element 
465 / 470 and Para [0039]); and 

an XOR operator coupled to said masker and said scrambler (Sprunk: Figure 4 / 
Element 460 and Para [0039]: the Adder (i.e. an equivalent XOR entity (Figure 4 / 
Element 460)) performs an exclusive ORing function). 

As per claim 2, 12 and 22, Sprunk teaches said first input key is a customer key, 
said second input key is a customer key selection and said third input key is a key 
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variation (Sprunk: Para [0036] and Para [0037]: The IV, Key 1 and Key 2 are known and 
supplied, for example, by a governmental agency - the customer is government agency 
and the IV is consider as a key variation). 

As per claim 6, 16 and 26, Sprunk teaches mapping said at least said first input 
key, said second input key and said third input key to generate mapped output key data 
(Sprunk: Figure 4 / Element 420 / 425 / 427 and Para [0036]: the output key data from 
the first stage of dual DES key generator at Figure 4 / Element 427 is considered as 
mapped output key data to meet the claim language). 

As per claim 10, 20 and 30, Sprunk teaches transferring said generated first 
output key to an encryption engine that utilizes said generated first output key to encrypt 
information (Sprunk: Figure 3 / Element 340 and Para [0035] Line 9 - 1 1 : the new 
output key is used to encrypt the information). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

A person shall be entitled to a patent unless - 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art 
are such that the subject matter as a whole would have been obvious at the time the invention was made to 
a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 
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5. Claims 3 - 5, 13 - 15 and 23 - 25 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Sprunk et al. (U.S. Patent 2003/0007644), in view of Schneier 
("Applied Cryptography, Second Edition", 1996). 

As per claim 3, 13 and 23, Sprunk teaches the desirable output key should be 
unique (Sprunk: Para [0017] Line 4-5: the output key should not be repeated) . 
However, Sprunk does not disclose expressly the desirable output key is not equivalent 
to said at least said first input key. 

Schneier teaches the desirable output keys differ from said at least said first input 
key (Schneier: Page 282, 2 nd Para / Line 3: a complementary key is interpreted as an 
equivalent key and should be tested and avoided). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Naclerio within the system of Sprunk 
because (a) Sprunk teaches a method for generating, from the input keys, an encryption 
output key that should not be weaken for the purpose against hostile attackers (Sprunk: 
Para [0041] and [0007]) and (b) Schneier teaches a complementary key is interpreted 
as an equivalent key and should be tested and avoided in that situation (Schneier: Page 
282, 2 nd Para / Line 3). 

According Sprunk in view of Schneier teaches: 

determining whether said first output key is at least one of a unique key and is 
not equivalent to said at least said first input key (Sprunk: Para [0017] Line 4 - 5 & Para 
[0036] & Schneier: Page 282, 2 nd Para / Line 3: (a) Sprunk teaches the desirable output 
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key should be unique (Para [0017] Line 4-5: the output key should not be repeated (b) 
Schneier teaches the users should be warned unless the output key is not a 
complement key - i.e. a complementary key is interpreted as an equivalent key and 
should be tested and avoided). 

if said first output key is at least one of a non-unique key and is equivalent to said 
at least said first input key, generating a second output key based on a modified one of 
at least one of said first input key, said second input key and said third input key 
(Sprunk: Figure 4, Para [0037] - [0039] and Para [0041]: Examiner notes the prior-art 
teaches generating a second output key (Figure 4 / Element 465) from the first output 
key (Figure 4 / Element 427) regardless the outcomes of the IF condition that can meet 
the claim limitation since the IF-NOT (i.e. ELSE) condition is not recited in the claim and 
the prior-art evidently always covers the IF condition by generating a second output key 
regardless - i.e. the original contribution from the first input key, second input key or 
third input key is modified by (a) using a feedback loop to replace the IV value via a 
switch (Figure 4 / Element 417), and (b) the key space size variable (Figure 4 / Element 
430) is also used as a key variation for modification purpose and the subsequent one- 
way key hashing function (Figure 4 / Element 456) is further employed to generate a 
second output key to avoid a weaken output key). 

As per claim 4, 14 and 24, Sprunk as modified teaches determining whether said 
second output key is at least one of a unique key and differs from said at least said 
modified one of at least one of said first input key, said second input key and said third 



Application/Control Number: 10/713,415 Page 9 

Art Unit: 2131 

input key (Sprunk: Para [0017] Line 4 - 5 and Para [0036] & Schneier: Page 282, 2 nd 
Para / Line 3: (a) Sprunk teaches the desirable output key should be unique (Para 
[0017] Line 4-5: the output key should not be repeated (b) Schneier teaches the users 
should be warned unless the output key is not a complement key - i.e. a 
complementary key is interpreted as an equivalent key and should be tested and 
avoided). 

As per claim 5, 15 and 25, Sprunk as modified teaches said first output key and 
said second output key are not weak or semi-weak keys (Sprunk: Figure 4, Para [0037] 
- [0039], Para [0041], Para [0029] Line 1 - 4 and Para [0007]: the selection and 
distribution may also be non-random and therefore, the output key has the key-bit 
randomly distributed over a key space corresponding to B-bit keys again from N-bits 
(Para [0037] - [0039] and Para [0041]), which is thereby not weaken for the purpose 
against hostile attackers (Para [0007] Line 13 - 15)). 

6. Claims 7 - 9, 17 - 19 and 27 - 29 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Sprunk et al. (U.S. Patent 2003/0007644), in view of Bennett et al. 
(U.S. Patent 4,864,615). 

As per claim 7, 17 and 27, Sprunk teaches an intermediate key of Key-3 or Key-4 
(Figure 4 / Element 440 / 445) for DES key generator. However, Sprunk does not 
disclose expressly generating an intermediate key based on said first input key. 
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Bennett teaches generating an intermediate key based on said first input key 
(Bennett: Column 6 Line 65 - 67 / Line 59 - 62 and Figure 2 / Element 18 & 42: a first 
intermediate key is generated based on the first-key (pre-key) associated with a DES 
key encryptor). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Bennett within the system of Sprunk 
because (a) Sprunk teaches a method to provide cryptographic keys for DES 
cryptographically processing information systems (Sprunk: Abstract / Line 1-2 and 
Para [0003]) and (b) Bennett teaches a key security system for reproducing DES secure 
keys by using distributed key generation data and a distributed encrypted pre-key with a 
secured chain of protection for generated keys (Bennett: Column 2 Line 18-21, 
Column 3 Line 43 - 46 Column 6 Line 65 - 67 / Line 59 - 62). 

As per claim 8, 18 and 28, Sprunk as modified teaches scrambling said 
generated intermediate key and said generated mapped output key data to create a 
scrambled output (Sprunk: Figure 4 / Element 450 / 455 / 456 and Para [0039]: the 
second stage of dual DES key scrambler (Figure 4 / Element 450 / 455) is qualified as a 
scrambler with two input data: (a) a generated intermediate kev of Key-3 or Key-4 from 
the first key and (b) the output data of AND gate at Figure 4 / Element 437 sourced from 
the generated mapped output kev data) . 
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As per claim 9, 19 and 29, Sprunk teaches masking at least a portion of said 
generated mapped output key data (Sprunk: Figure 4 / Element 435 / 437 and Para 
[0036]: the AND gate is considered as a masking function); and exclusive ORing said 
masked at least said portion of said generated mapped output key data and said 
scrambled output to generate said first output key (Sprunk: Figure 4 / Element 460 and 
Para [0039]: the adder (i.e. XOR entity of Figure 4 / Element 460) performs an exclusive 
ORing function on the scrambled output at Figure 4 / Element 456 derived from the 
second stage of dual DES key scrambler and the output data of AND gate at Figure 4 / 
Element 437 sourced from the generated mapped output key data). 

7. Claims 32 - 34 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Sprunk et al. (U.S. Patent 2003/0007644), in view of Naclerio (U.S. Patent 7,028,014). 

As per claim 32, Sprunk teaches a key output of XOR operator (Sprunk: Figure 4 
/ Element 460 and Para [0039]: the adder (i.e. XOR entity (Figure 4 / Element 460)) 
performs an exclusive ORing function) and transferring said generated first output key 
to an encryption engine that utilizes said generated first output key to encrypt 
information (Sprunk: Figure 3 / Element 340 and Para [0035] Line 9 - 1 1: the new 
output key is used to encrypt the information). 

However, Sprunk does not disclose expressly at least one processor coupled to 
an output of said XOR operator. 
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Naclerio teaches at least one processor coupled to an output of said XOR 
operator (Naclerio: Column 4 Line 1 - 9: encrypting the data and storing it again in the 
memory - this encryption is performed by the processor executing encryption software 
in the memory (ROM) or optionally be performed by an encryption engine). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Naclerio within the system of Sprunk 
because (a) Sprunk teaches transferring the output key to an encryptor for encrypting 
information (Sprunk: Figure 3 / Element 340 and Para [0035] Line 9-11) and (b) 
Naclerio teaches a typical structure of an encryptor that can perform encryption 
functions (Naclerio: Column 4 Line 1 - 9). 

As per claim 33, Sprunk as modified teaches an encryption engine that is 
coupled to an output of said XOR operation (Sprunk: Figure 4 / Element 460 and Para 
[0039]: the adder (i.e. XOR entity (Figure 4 / Element 460)) performs an exclusive 
ORing function) and transferring said generated first output key to an encryption engine 
that utilizes said generated first output key to encrypt information (Sprunk: Figure 3 / 
Element 340 and Para [0035] Line 9 - 1 1 : the new output key is used to encrypt the 
information). 

As per claim 34, Sprunk as modified teaches a memory coupled to at least one of 
said encryption engine and said at least one processor (Naclerio: Column 4 Line 1-9: 
encrypting the data and storing it again in the memory - this encryption is performed by 
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the processor executing encryption software in the memory (ROM) or optionally be 
performed by an encryption engine). 



Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Longbit Chai whose telephone number is 571-272-3788. The examiner 
can normally be reached on Monday-Friday 9:00am-5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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